New York Power Authority partnership to address cybersecurity

Bob Beckstead, Watertown Daily Times, N.Y.
·3 min read

Jan. 27—WHITE PLAINS — The New York Power Authority is partnering with IronNet, a cybersecurity company, to address the safety of the authority's critical services.

Based on IronNet's proprietary machine learning and artificial intelligence, the cloud-based cybersecurity solution will help provide protection against cyber threats by detecting them early and stopping the attacks faster.

The partnership follows on the success of an initial pilot with five NYPA municipalities. Threats can be shared instantly to provide Collective Defense capabilities to NYPA and its key supply chain partners and strengthen the state's ability to protect the grid.

New York municipal utilities, partners and other relevant critical infrastructure state agencies will have the security of a radar-like view of the attack landscape, providing visibility in a wider and deeper range of threats across the state's entire power grid.

IronNet was founded in 2014 by retired Gen. Keith Alexander, and employs a number of former National Security Agency cybersecurity operations staff who have offensive and defensive cyber experience. They will play a critical role in defending against any cyber threats.

"In the same way that utilities band together to provide mutual aid after damaging weather events, NYPA is making collaborative responses to cyber attacks possible," Bill Welch, Co-CEO of IronNet, said in a statement. "We are proud to work with NYPA to enable all public utility stakeholders to adopt a proactive defense against any cyber adversary with an eye on the grid — from criminal groups to nation-states."

The threats are real, and NYPA undertook a series of independent assessments to keep pace with "the evolving threat landscape," NYPA Vice President and Chief Information Security Officer Eric Meyers said during Tuesday's cyber meeting between the authority and the New York State Canal Corp.

"2021 was a busy year for us as we continue to evolve our program. But, we also faced an unprecedented year in the cyber threat landscape starting off the year with the highly publicized SolarWinds vulnerability, a seemingly endless list of high-profile ransomware breaches" and other high-profile events during the year, he said.

SolarWinds, a major U.S. information technology firm, was the subject of a cyberattack that spread to its clients and went undetected for months.

NYPA Deputy Chief Information Security Officer Victor Costanza and Trustee Michael Balboni, chair of the Cyber and Physical Security Committee, agreed that action is necessary to avert threats.

"Given the rise of sophisticated cyber attacks, we need to help our municipal utilities implement a strong security program that can detect and mitigate attacks in real-time," Mr. Costanza said. "With the technologies provided by IronNet and AWS (Amazon Web Services), the IT and power infrastructures in NYPA's supply chain ecosystem can collect and share anonymized cyber threat information so we can defend our enterprise networks collectively, raising the security posture of all of us throughout the state."

"... we are in a time of unprecedented cybersecurity activity. In fact, if you just take a look at 2021, the first quarter versus the quarter year before, ransomware attacks went up 62%. And, with all the different things going on, including what might be happening in Ukraine, we are ever vigilant to make sure that we understand the threat landscape and its ever-evolving nature," Mr. Balboni told NYPA trustees during their meeting later Tuesday morning.